Hidden Cryptocurrency Mining Malware Has Been Found On Fake Flash Updaters

People may go to great lengths to get money, and on the web, scamming is one of the most common ways to do it.

Researchers from cybersecurity company Palo Alto Networks have discovered fake Adobe Flash updaters which have been around since August 2018. The updaters claim to be legitimate Flash updaters, but hide a malicious file that installs and runs a cryptocurrency mining bot called XMRig, which mines the privacy coin Monero.

Because the scam first installs a genuine Flash update, it has certainly deceived people.

Since users see their computers run Flash as normal, they normally wouldn't realize the malware is present. Many users may not even be aware that a portion of their computers' CPU power has been enslaved to mine cryptocurrency for someone else.

While searching for these fake Flash updates, the researchers found 113 instances of files with the AdobeFlashPlayer prefix hosted on servers not operated by Adobe.

The researchers from Palo Alto Networks believe that users are directed to these scam updaters via spoofed URLs. The researchers tested the fake URLs and found that the installer does indeed install Flash. But after it installs Flash, it also installs a mining bot which connects to a Monero mining pool.

And in this case, any mined Monero is redirected to a single wallet.
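The researchers' search criterion (a file name with the AdobeFlashPlayer prefix served from a host Adobe does not operate) can be turned into a simple hunt over web proxy logs. The following is an added example, not code from Palo Alto Networks' research; the Adobe domain allowlist, the `timestamp client url` log format and the sample lines are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: domains treated as Adobe-operated; replace with your own allowlist.
ADOBE_DOMAINS = ("adobe.com", "macromedia.com")
PREFIX = "adobeflashplayer"  # file name prefix named in the article, lower-cased


def is_adobe_host(host):
    """True only for an allowlisted domain or a true subdomain of one."""
    host = (host or "").lower().rstrip(".")
    # Require a dot boundary so look-alikes such as adobe.com.example.org fail.
    return any(host == d or host.endswith("." + d) for d in ADOBE_DOMAINS)


def suspicious_download(url):
    """Flag a URL whose file name has the prefix but whose host is not Adobe's."""
    parts = urlsplit(url if "://" in url else "http://" + url)
    filename = parts.path.rsplit("/", 1)[-1].lower()
    return filename.startswith(PREFIX) and not is_adobe_host(parts.hostname)


def hunt(log_lines):
    """Return (client, url) pairs for flagged downloads in proxy log lines."""
    hits = []
    for line in log_lines:
        fields = line.split()
        if len(fields) < 3:
            continue  # skip malformed lines
        client, url = fields[1], fields[2]
        if suspicious_download(url):
            hits.append((client, url))
    return hits


# Constructed sample log lines (not real traffic, hosts or indicators).
SAMPLE_LOG = [
    "2018-10-15T09:01:02Z 10.0.0.5 https://www.adobe.com/downloads/AdobeFlashPlayer_installer.exe",
    "2018-10-15T09:03:10Z 10.0.0.7 http://updates.example.net/files/AdobeFlashPlayer__update.exe",
    "2018-10-15T09:04:44Z 10.0.0.8 http://adobe.com.example.org/AdobeFlashPlayer.exe?v=1",
    "2018-10-15T09:05:00Z 10.0.0.9 http://cdn.example.com/setup/readme.txt",
    "garbage",
]

if __name__ == "__main__":
    for client, url in hunt(SAMPLE_LOG):
        print(client, url)
```

A hit only means the download deserves a closer look, for example a check of the file's code signature, since the fake installers also install genuine Flash.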

Some research suggested that more than $250,000 of Monero is being mined through illegitimate browser-based mining scripts every month.


Cryptocurrency mining malware and cryptojacking are not new phenomena, and they remain a very big threat to consumers. And again, Monero is the coin of choice for the scammers.

Despite a growing push for websites to use HTML5, Adobe’s Flash Player is still very common. A lot of online video content, for example, can only be viewed when this particular browser plugin is installed on the user's computer. As is the case with any form of software, the Flash Player needs to be upgraded whenever Adobe releases a patch.

This creates an opportunity for criminals to strike.

Researchers at Palo Alto Networks are concerned about the increase in the number of fake Adobe Flash updaters. Other than cryptocurrency mining bots, the types of malware that can be distributed this way include information stealers and even ransomware.

Making things worse, most of those fake updater tools cannot be easily distinguished from genuine products.

But thankfully, the Monero community is stepping up its game. People have created initiatives to warn about the dangers of mining malware, and the Monero Malware Response Workgroup is also trying to combat the growing number of Monero-based hacks.

Published: 15/10/2018